CVE-2023-6322

May 15, 2024, 4:40 p.m.

7.2
High

Description

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

Product(s) Impacted

Product Versions
Roku Indoor Camera SE
  • 3.0.2.4679
Wyze Cam v3
  • 4.36.11.5859

Weaknesses

References

https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

Tags

CWE-121
2024-05-15
cve-requests@bitdefender.com
CVE-2023-6322

CVSS Score

7.2 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: May 15, 2024, 1:15 p.m.
  • Last Modified: May 15, 2024, 4:40 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-requests@bitdefender.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.